漏洞描述
XStream库存在不安全反序列化漏洞,该漏洞是由于对用户提供的XML数据中的事件处理器类型验证不足导致的。
XStream Library ReflectionConverter不安全反序列化漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
- POC CVE-2013-7285: XStream <1.4.6/1.4.10 - Remote Code Execution
- POC CVE-2018-18809: TIBCO JasperReports Library - Directory Traversal
- POC CVE-2019-18957: MicroStrategy Library <11.1.3 - Cross-Site Scripting
- POC CVE-2020-26217: XStream <1.4.14 - Remote Code Execution
- POC CVE-2020-26258: XStream <1.4.15 - Server-Side Request Forgery
- POC CVE-2021-21315: Node.JS System Information Library <5.3.1 - Remote Command Injection
- POC CVE-2021-21345: XStream < 1.4.16 - Remote Code Execution
- POC CVE-2021-21351: XStream <1.4.16 - Remote Code Execution
- POC CVE-2021-29505: XStream <1.4.17 - Remote Code Execution
- POC CVE-2021-30134: Php-mod/curl Library <2.3.2 - Cross-Site Scripting
- POC CVE-2021-39141: XStream 1.4.18 - Remote Code Execution
- POC CVE-2021-39144: XStream 1.4.18 - Remote Code Execution